Skip to main content

Unbound

19 CVEs product

Monthly

CVE-2026-44390 MEDIUM PATCH This Month

Denial of service in NLnet Labs Unbound 1.25.0 and earlier allows remote unauthenticated attackers to exhaust CPU resources by querying for content from a specially crafted malicious DNS zone containing very large RRsets whose records share no suffix above the root. The name compression logic fails to increment its bounding counter in this edge-case code path, causing an unbounded CPU-locking loop until packet construction completes. This is a complement fix to CVE-2024-8508, which introduced a compression limit in 1.21.1 that did not cover this specific bypass scenario; no public exploit has been identified at time of analysis.

Denial Of Service Unbound
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-42959 HIGH PATCH This Week

Remote denial of service in NLnet Labs Unbound recursive DNS resolver (versions up to and including 1.25.0) allows an attacker controlling a DNSSEC-signed domain to crash the resolver process with a single crafted query. The DNSSEC validator uses an incorrect counter when computing write offsets for ADDITIONAL section rrsets while building chase-reply messages, leaving an uninitialized pointer that is later dereferenced. No public exploit identified at time of analysis, and the issue is fixed in Unbound 1.25.1.

Memory Corruption Denial Of Service Unbound
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42944 HIGH PATCH This Week

Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.

Denial Of Service Unbound
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-42534 MEDIUM PATCH This Month

Resolution performance degradation in NLnet Labs Unbound 1.25.0 and earlier allows an unauthenticated remote attacker - who also controls a malicious or slow authoritative nameserver - to subvert the jostle logic designed to evict stalled queries, ultimately causing denial of resolution service. The jostle mechanism, which activates when the num-queries-per-thread limit is reached, is bypassed because retransmitted duplicate queries reset the aging timestamp to the latest duplicate rather than preserving the original query start time, preventing aged queries from being correctly identified and replaced. No public exploit has been identified at time of analysis; however, the vendor has confirmed the issue and released a patch in version 1.25.1.

Information Disclosure Unbound
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41292 MEDIUM PATCH This Month

Unbound DNS resolver versions up to and including 1.25.0 allow remote unauthenticated attackers to degrade or deny service by sending DNS queries carrying abnormally large numbers of EDNS options, causing resolver threads to become occupied with unbounded parsing and internal data structure allocation. Coordinated multi-source attacks amplify thread exhaustion into full denial of service for legitimate DNS clients. No public exploit identified at time of analysis; vendor-released patch is available in Unbound 1.25.1, which enforces a hard cap of 100 incoming EDNS options.

Denial Of Service Unbound
NVD VulDB
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-40622 MEDIUM PATCH This Month

Ghost domain name extension in NLnet Labs Unbound 1.16.2 through 1.25.0 allows an adversary controlling an expired ghost zone to artificially prolong its resolvability by causing Unbound to overwrite the cached parent-side referral NS rrset with the child-side apex NS rrset, extending the ghost domain window by up to one full cache-max-ttl interval. The attack requires the adversary to control the target ghost zone and issue a single NS query to a vulnerable resolver; in non-default configurations using 'harden-referral-path: yes', no external query is needed as Unbound performs the triggering lookup internally. No public exploit identified at time of analysis and no CISA KEV listing exists; the CVSS 4.0 Exploit Maturity is rated 'Unreported', though the integrity impact on DNS resolution is high (VI:H) and represents a meaningful trust boundary violation.

Information Disclosure Unbound
NVD VulDB
CVSS 4.0
6.6
EPSS
0.0%
CVE-2026-33278 CRITICAL PATCH Act Now

Use-after-free in the DNSSEC validator of NLnet Labs Unbound resolver versions 1.19.1 through 1.25.0 allows remote attackers to crash the daemon or potentially achieve arbitrary code execution by serving a malicious signed zone to a vulnerable resolver. The flaw stems from a struct-assignment bug during deep copying of response messages when DS sub-queries suspend validation under NSEC3 computational budget exhaustion. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.1 with network attack vector and no required privileges or user interaction makes this a high-priority patching target for any operator running a recursive Unbound resolver.

Memory Corruption Denial Of Service Use After Free RCE Unbound
NVD VulDB
CVSS 4.0
9.1
EPSS
0.4%
CVE-2024-1488 HIGH PATCH This Week

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Unbound Codeready Linux Builder Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian +15
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-3204 HIGH This Week

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Unbound Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-30699 MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30698 MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-28935 MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Name Server Daemon Unbound Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-10772 HIGH This Week

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Unbound
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-12663 HIGH PATCH This Week

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-12662 HIGH PATCH This Week

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-18934 HIGH POC PATCH This Week

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Unbound Fedora Leap
NVD GitHub
CVSS 3.1
7.3
EPSS
3.2%
CVE-2019-16866 HIGH PATCH This Week

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2014-8602 MEDIUM PATCH This Month

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Unbound Ubuntu Linux Debian Linux
NVD
CVSS 2.0
4.3
EPSS
7.6%
CVE-2012-1192 MEDIUM This Month

The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound
NVD
CVSS 2.0
6.4
EPSS
0.6%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in NLnet Labs Unbound 1.25.0 and earlier allows remote unauthenticated attackers to exhaust CPU resources by querying for content from a specially crafted malicious DNS zone containing very large RRsets whose records share no suffix above the root. The name compression logic fails to increment its bounding counter in this edge-case code path, causing an unbounded CPU-locking loop until packet construction completes. This is a complement fix to CVE-2024-8508, which introduced a compression limit in 1.21.1 that did not cover this specific bypass scenario; no public exploit has been identified at time of analysis.

Denial Of Service Unbound
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial of service in NLnet Labs Unbound recursive DNS resolver (versions up to and including 1.25.0) allows an attacker controlling a DNSSEC-signed domain to crash the resolver process with a single crafted query. The DNSSEC validator uses an incorrect counter when computing write offsets for ADDITIONAL section rrsets while building chase-reply messages, leaving an uninitialized pointer that is later dereferenced. No public exploit identified at time of analysis, and the issue is fixed in Unbound 1.25.1.

Memory Corruption Denial Of Service Unbound
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remote unauthenticated attackers to crash the resolver by sending DNS queries containing multiple NSID, DNS Cookie, and/or EDNS Padding options. The flaw stems from a numeric truncation in EDNS field size calculation that lets attacker-influenced data overflow the response buffer. No public exploit identified at time of analysis and not listed in CISA KEV, but the impact is service-wide DNS outage for any user of an affected resolver.

Denial Of Service Unbound
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Resolution performance degradation in NLnet Labs Unbound 1.25.0 and earlier allows an unauthenticated remote attacker - who also controls a malicious or slow authoritative nameserver - to subvert the jostle logic designed to evict stalled queries, ultimately causing denial of resolution service. The jostle mechanism, which activates when the num-queries-per-thread limit is reached, is bypassed because retransmitted duplicate queries reset the aging timestamp to the latest duplicate rather than preserving the original query start time, preventing aged queries from being correctly identified and replaced. No public exploit has been identified at time of analysis; however, the vendor has confirmed the issue and released a patch in version 1.25.1.

Information Disclosure Unbound
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Unbound DNS resolver versions up to and including 1.25.0 allow remote unauthenticated attackers to degrade or deny service by sending DNS queries carrying abnormally large numbers of EDNS options, causing resolver threads to become occupied with unbounded parsing and internal data structure allocation. Coordinated multi-source attacks amplify thread exhaustion into full denial of service for legitimate DNS clients. No public exploit identified at time of analysis; vendor-released patch is available in Unbound 1.25.1, which enforces a hard cap of 100 incoming EDNS options.

Denial Of Service Unbound
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Ghost domain name extension in NLnet Labs Unbound 1.16.2 through 1.25.0 allows an adversary controlling an expired ghost zone to artificially prolong its resolvability by causing Unbound to overwrite the cached parent-side referral NS rrset with the child-side apex NS rrset, extending the ghost domain window by up to one full cache-max-ttl interval. The attack requires the adversary to control the target ghost zone and issue a single NS query to a vulnerable resolver; in non-default configurations using 'harden-referral-path: yes', no external query is needed as Unbound performs the triggering lookup internally. No public exploit identified at time of analysis and no CISA KEV listing exists; the CVSS 4.0 Exploit Maturity is rated 'Unreported', though the integrity impact on DNS resolution is high (VI:H) and represents a meaningful trust boundary violation.

Information Disclosure Unbound
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Use-after-free in the DNSSEC validator of NLnet Labs Unbound resolver versions 1.19.1 through 1.25.0 allows remote attackers to crash the daemon or potentially achieve arbitrary code execution by serving a malicious signed zone to a vulnerable resolver. The flaw stems from a struct-assignment bug during deep copying of response messages when DS sub-queries suspend validation under NSEC3 computational budget exhaustion. No public exploit identified at time of analysis, but the CVSS 4.0 score of 9.1 with network attack vector and no required privileges or user interaction makes this a high-priority patching target for any operator running a recursive Unbound resolver.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Unbound Codeready Linux Builder +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Unbound Fedora
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound Fedora
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound Fedora
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Name Server Daemon Unbound +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Unbound
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Debian Linux +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Unbound Debian Linux +3
NVD
EPSS 3% CVSS 7.3
HIGH POC PATCH This Week

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Unbound +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Ubuntu Linux
NVD GitHub
EPSS 8% CVSS 4.3
MEDIUM PATCH This Month

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Unbound Ubuntu Linux +1
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy